Debian DSA 1371-1 Urgent: phpMyAdmin Flaw Leads to Remote DOS Vulnerability

September 10, 2007
Debian Security Advisory highlights phpMyAdmin flaws and necessary fixes to ensure secure web management and server reliability.
Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web.

Summary


CVE-2007-1325

The PMA_ArrayWalkRecursive function in libraries/common.lib.php
does not limit recursion on arrays provided by users, which allows
context-dependent attackers to cause a denial of service (web
server crash) via an array with many dimensions.

This issue affects only the stable distribution (Etch).
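
A depth-bounded recursive walk, the general defence against the unbounded-recursion class of bug described for CVE-2007-1325. This is an added example, not phpMyAdmin's or Debian's code; `walkBounded` and `MAX_DEPTH` are hypothetical names, and the limit of 16 is an assumed value.

```php
<?php
// Added example, not phpMyAdmin's code. walkBounded() and MAX_DEPTH are
// hypothetical names; the limit of 16 is an assumed value.
const MAX_DEPTH = 16;

/**
 * Apply $fn to every non-array leaf of $data, in place, refusing input
 * nested deeper than MAX_DEPTH instead of recursing until the
 * interpreter's stack is exhausted.
 */
function walkBounded(array &$data, callable $fn, int $depth = 0): void
{
    if ($depth >= MAX_DEPTH) {
        throw new LengthException('input array nested too deeply');
    }
    foreach ($data as $key => &$value) {
        if (is_array($value)) {
            walkBounded($value, $fn, $depth + 1);
        } else {
            $value = $fn($value);
        }
    }
    unset($value); // break the reference left behind by foreach
}

// Constructed sample input: a shallow request-style array and a
// deeply nested one (1000 levels).
$shallow = ['db' => ' test ', 'opts' => ['a' => ' x ', 'b' => [' y ']]];
$deep = 'leaf';
for ($i = 0; $i < 1000; $i++) {
    $deep = [$deep];
}

walkBounded($shallow, 'trim');
var_dump($shallow['opts']['b'][0] === 'y');

try {
    walkBounded($deep, 'trim');
    echo "walked\n";
} catch (LengthException $e) {
    // The oversized input is rejected at a fixed depth, not walked.
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

PHP's `max_input_nesting_level` ini setting applies a similar cap when request variables are parsed, which complements a limit inside the application's own recursive helpers.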

CVE-2007-1395

Incomplete blacklist vulnerability in index.php allows remote
attackers to conduct cross-site scripting (XSS) attacks by
injecting arbitrary JavaScript or HTML in a (1) db or (2) table
parameter value followed by an uppercase </SCRIPT> end tag,
which bypasses the protection against lowercase </script>.

This issue affects only the stable distribution (Etch).

CVE-2007-2245

Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via (1) the
fieldkey parameter to browse_foreigners.php or (2) certain input
to the PMA_sanitize function.

CVE-2006-6942

Multip...


Severity
critical
